This appendix summarizes the VLAN Policy Server command-line interface (CLI) commands. When you make a configuration change using these commands, the system configuration is updated immediately.
The command-line interface (CLI) uses the following conventions:
The key combination ^c or Ctrl-C means hold down the Ctrl key while you press the C key.
A string is defined as a nonquoted set of characters.
Do not confuse the VLAN Policy Server CLI with the IOS CLI. They are similar, but they are not identical.
Command Privileges
Access to CLI commands is controlled by your user account privilege level. Users with privilege level 15 can use all commands. Users with privilege level 0 can use only a subset of the commands. The command descriptions in this appendix are organized by privilege level. For more information about user accounts and privileges, refer to the "Administering User Accounts" section.
Checking Command Syntax
The user interface provides several types of responses to incorrect command entries:
If you enter a command line that does not contain any valid commands, the system displays Command not found.
If you enter a valid command but omit required options, the system displays Incomplete command.
If you enter a valid command but provide invalid options or parameters, the system displays Invalid input.
In addition, some commands have command-specific error messages that notify you that a command is valid, but that it cannot run correctly.
Command History Feature
The CLI provides a command history feature. To display previously entered commands, press the up arrow key. After pressing the up arrow key, you can press the down arrow key to display the commands in reverse order. To run a command, press Enter while the command is displayed on the command line. You can also edit commands before pressing Enter.
System Help
You can obtain help using the following methods:
For a list of all commands and their syntax, enter help, then press Enter.
For help on a specific command, type the command name, a space, and a question mark, then press Enter, for example, ntp ?. The help contains command usage information and syntax.
Command Summary
Table C-1 summarizes all commands available on the VLAN Policy Server. Refer to the full description of commands that you are not familiar with before using them.
Sets the amount of time to wait between sending each packet.
wait
Amount of time to wait between sending each packet, in seconds. The default is 1.
-s
Sets the size of each echo packet.
packetsize
The size of each echo packet, in bytes. The default is 56.
-n
Disables reverse DNS lookup.
hostname
Host name of system to ping.
ip-address
IP address of system to ping.
Usage Guidelines
To use this command with the hostname argument, DNS must be configured on the system. To force the time-out of a nonresponsive host or to eliminate a loop cycle, press Ctrl-C.
Example
This command sends 4 echo packets to the host otherhost with a wait time of 5 seconds between each packet:
ping -c 4 -i 5 209.165.200.224
PING 209.165.200.224 (209.165.200.224) from 209.165.201.0 : 56(84) bytes of data.
64 bytes from dns-sj1.cisco.com (209.165.200.224): icmp_seq=0 ttl=246 time=16.3 ms
64 bytes from dns-sj1.cisco.com (209.165.200.224): icmp_seq=1 ttl=246 time=2.0 ms
64 bytes from dns-sj1.cisco.com (209.165.200.224): icmp_seq=2 ttl=246 time=2.1 ms
64 bytes from dns-sj1.cisco.com (209.165.200.224): icmp_seq=3 ttl=246 time=2.1 ms
show clock
To display the system date and time in Coordinated Universal Time (UTC), use the show clock command.
show clock
Syntax Description
This command has no arguments or keywords.
Usage Guidelines
Use the show clock command to display the system date and time. For more information about the system time, see the "Setting System Date and Time" section.
To display information about processes running on the system, use the show process command.
show process [page]
Syntax Description
page
Displays command output one screen at a time. Press Enter to display the next output screen. Press Ctrl-C to exit paged output and return to the command prompt.
Example
This command displays information about processes running on the system:
(Optional.) Sets the time-to-live used in the first outgoing probe packet.
first_ttl
Time-to-live value of the first outgoing probe packet. The default is 1 hop.
-m
(Optional.) Sets the maximum time-to-live (maximum number of hops) used in outgoing probe packets.
max_ttl
Maximum time-to-live for outgoing probe packets. The default is 30 hops.
-w
(Optional.) Sets the time to wait for a response to a probe, in seconds.
waittime
Time to wait for a response to a probe, in seconds. The default is 5.
host
Name or IP address of host to which to connect.
packetlength
(Optional.) The length of the packet to send, in bytes. The default and minimum value is 40.
Usage Guidelines
Use the traceroute command to trace the network route to a specified host and identify faulty gateways. The command displays a list of the hosts that receive probe packets as they travel to the destination host, in the order that the receiving hosts receive the packets. Asterisks ( * ) appear as the list entry for hosts that do not respond to probing correctly.
Example
This command displays the network route to the host otherhost with a packet time-to-live value of 2, a wait time of 5 seconds, and 50-byte packets:
traceroute -m 20 -w 10 cisco.com 50
traceroute to example.com (209.165.200.224), 20 hops max, 50 byte packets
1 ex1.com (209.165.200.225) 0.981 ms 0.919 ms 0.926 ms
2 ex2.com (209.165.200.254) 1.528 ms 0.747 ms 0.661 ms
3 ex3.com (209.165.200.255) 0.887 ms 0.770 ms 0.744 ms
4 ex4.com (209.165.201.0) 0.932 ms 0.789 ms 0.679 ms
5 ex5.com (209.165.201.1) 1.066 ms 1.052 ms 0.983 ms
6 ex6.com (209.165.201.30) 1.472 ms 1.247 ms 1.847 ms
7 ex7.com (209.165.201.31) 1.738 ms 1.424 ms 1.658 ms
8 ex8.com (209.165.202.128) 3.728 ms 2.429 ms 2.804 ms
9 ex9.com (209.165.202.129) 6.283 ms 5.499 ms 3.285 ms
10 ex10.com (209.165.202.158) 9.926 ms 73.463 ms 3.895 ms
11 ex11.com (209.165.202.159) 70.967 ms * 47.106 ms
Use the backupconfig command to set the configuration for all backup and restore operations. To clear the backup and restore configuration information, use the no backupconfig command.
Ethernet port on which CDP will be enabled. Acceptable values are eth0-15.
timer
Sets the CDP packet retransmission time.
seconds
Amount of time, in seconds, that the system waits between transmissions of CDP packet information or holds another system's CDP packet information.
holdtime
Sets the CDP packet information hold time.
Usage Guidelines
Cisco Discovery Protocol (CDP) is a protocol by which one Cisco device can recognize, and be recognized by, another Cisco device.
The run command starts the system sending out signals to the other systems.
The timer command sets the amount of time, in seconds, that these signals are sent.
The holdtime command sets the amount of time a system will recognize another system without receiving a signal. For example, if your system's holdtime is set to 30 seconds, and another system that has already been recognized by yours does not send a signal within 30 seconds, your system will cease to recognize it. If you use the no cdp command, the timer and holdtime commands set their respective values to the default value.
Example
This command sets the CDP packet retransmission time to 10 seconds:
cdp timer 10
This command sets the CDP packet retransmission time to its default value:
no cdp timer
clock
To set the system date and time, use the clock command.
clock {set hh:mm:ss month day year}
Syntax Description
set
Sets the system clock.
hh:mm:ss
Current time (for example, 13:32:00).
month
Current month. You can enter full month names or abbreviations that include at least the first 3 characters of the month name (for example, jan, feb, mar).
day
Day of the month (for example, 1 to 31).
year
Current year (for example, 2000).
Usage Guidelines
To set the date and time, use the set option.
If you configure the system to use Network Time Protocol (NTP), you do not need to set the system clock manually using the clock command. When setting the clock, enter the current time in Coordinated Universal Time (UTC).
To erase the configuration in Flash memory and reload the device, use the erase config command.
erase config
Syntax Description
This command has no arguments or keywords.
Usage Guidelines
Use this command to erase the configuration in Flash memory and reload the device.
When you enter the command, you are prompted for confirmation. Enter yes to confirm, or press Enter to accept the default response no.
Caution: When you confirm this command, the system configuration is erased and the system reboots automatically. The system will not operate until you reconfigure it.
Port to be configured. Acceptable values are eth0-5.
public
Denies access via ICMP, Telnet, SNMP, and the HTTP 1741 port.
private
Denies no access.
icmp
Denies Internet Control Message Protocol (ICMP) ping messages.
telnet
Denies incoming Telnet connections.
ssh
Denies incoming SSH connections.
snmp
Denies incoming SNMP requests.
https
Denies all connections to the SSL HTTP port.
1741
Denies all connections to the HTTP 1741 port.
Usage Guidelines
Use the firewall command to implement port filtering on the VLAN Policy Server. To configure an Ethernet port for secured public access, use the public option. To configure an Ethernet port for local access, through a LAN or VLAN, use the private option. To deny ICMP, Telnet, SSH, or SNMP traffic, or to deny connections to the SSL HTTP port or the HTTP 1741 port, use the corresponding option.
Example
The following is an example of a secure Ethernet port configuration:
The Ethernet 0 port is connected to the Internet, and is configured to be accessible only through HTTPS by entering the following command:
firewall eth0 public ssh 1741
The Ethernet 1 port is connected to an internal LAN or VLAN, and is configured to be accessible through any of the supported protocols by entering the following command:
firewall eth1 private
An on-site user has full access to the VLAN Policy Server, but an external user can access it using a secure connection only.
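The deny semantics above can be checked mechanically. The following added example (not Cisco code, and not part of the original appendix) computes which services remain reachable for each firewall line in a configuration and reports options that the chosen profile already covers. It assumes the syntax firewall <port> {public | private} [option ...] as inferred from the examples above; the function names, the sample configuration, and the choice to report Telnet and the HTTP 1741 port as unencrypted channels are assumptions of this example.

```python
import re

# Added example (not Cisco code). Syntax assumed from the page's examples:
#   firewall <port> {public | private} [option ...]
# Every option DENIES the service it names.
SERVICES = ("icmp", "telnet", "ssh", "snmp", "https", "1741")

# Profiles as described in the option table:
#   public  denies ICMP, Telnet, SNMP and the HTTP 1741 port
#   private denies nothing
PROFILE_DENIES = {
    "public": {"icmp", "telnet", "snmp", "1741"},
    "private": set(),
}

# Policy assumption of this example: Telnet and the plain-HTTP 1741 port are
# unencrypted management channels, so they are reported when left reachable.
CLEARTEXT = ("telnet", "1741")

PORT_RE = re.compile(r"eth[0-5]")  # the page lists eth0-5 as acceptable


def parse_firewall(line):
    """Return the effective exposure that one firewall command produces."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] != "firewall":
        raise ValueError("expected: firewall <port> {public|private} [option ...]")
    port, profile, options = tokens[1], tokens[2], tokens[3:]
    if not PORT_RE.fullmatch(port):
        raise ValueError(f"port {port!r} is outside eth0-5")
    if profile not in PROFILE_DENIES:
        raise ValueError(f"unknown profile {profile!r}")
    unknown = [o for o in options if o not in SERVICES]
    if unknown:
        raise ValueError(f"unknown option(s): {unknown}")

    denied = PROFILE_DENIES[profile] | set(options)
    return {
        "port": port,
        "profile": profile,
        "denied": [s for s in SERVICES if s in denied],
        "allowed": [s for s in SERVICES if s not in denied],
        # Options that repeat what the profile already denies.
        "redundant": [o for o in options if o in PROFILE_DENIES[profile]],
        # Unencrypted channels still reachable on this port.
        "cleartext": [s for s in CLEARTEXT if s not in denied],
    }


def audit(config_text):
    """Evaluate every firewall line in a configuration listing."""
    results = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("firewall "):
            results.append(parse_firewall(line))
    return results


# Constructed sample input, built from the commands shown in this appendix.
SAMPLE_CONFIG = """\
hostname sandbox
firewall eth0 public ssh 1741
firewall eth1 private
"""

if __name__ == "__main__":
    for r in audit(SAMPLE_CONFIG):
        print(f"{r['port']} ({r['profile']})")
        print(f"  reachable : {', '.join(r['allowed']) or 'none'}")
        print(f"  denied    : {', '.join(r['denied']) or 'none'}")
        if r["redundant"]:
            print(f"  redundant : {', '.join(r['redundant'])}")
        if r["cleartext"]:
            print(f"  cleartext : {', '.join(r['cleartext'])} still reachable")
```

Run against the eth0 example above, the result confirms that only HTTPS stays reachable and shows that the 1741 option is redundant there, because the public option already denies that port.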
gethostbyname
Use the gethostbyname command to display the IP address of a known domain name.
gethostbyname host
Syntax Description
host
Domain name of host.
Example
This command displays the IP address of example.com:
gethostbyname example.com
209.165.200.224
hostname
To change the system hostname, use the hostname command.
hostname name
Syntax Description
name
New hostname for the VLAN Policy Server; the name is case-sensitive and may be from 1 to 22 alphanumeric characters.
Example
The following example changes the hostname to sandbox:
hostname sandbox
import
To import host files, or to map IP addresses to hostnames, use the import command.
To map a single hostname to an IP address, enter the import command as follows:
import host hostname ipaddress
To import host files from an external, ftp-accessible server, enter the import command as follows:
import hosts ftp-host username password path
To remove an individual IP address from a host file, use the no version of the import command as follows:
no import host hostname ipaddress
To remove an imported host file, use the no version of the import command as follows:
no import hosts
Example
This command imports host files from the ftp-accessible server ftpserver_1. Ftpserver_1 has the username admin, the password pass, and the path /ftpserver_1/hosts.
This command deletes the hosts imported in the example above:
no import hosts
install configure
To define the repository that the VLAN Policy Server uses to install software updates and images, use the install configure command.
install configure {URL URL Value | default | save}
Syntax Description
URL
Sets the URL of the repository.
URL Value
The URL of the repository. The URL should take the form http://host:port/path (the path is not a requirement).
default
Configures the VLAN Policy Server to be its own repository. The URL is http://localhost:9851.
save
Saves the current configuration in the install.ini file.
Usage Guidelines
The install configure command defines the repository that the VLAN Policy Server uses. A repository is a remote or local server from which a system can download software updates and images. Only HTTP is supported.
Example
The following command configures the VLAN Policy Server to use http://209.165.200.22, with port 9851, as a repository:
To list software updates and images currently available on the configured repository, use the install list command.
install list [all | full | page | updates]
Syntax Description
all
Displays all software updates and images on a configured repository. This command displays the name, the version, the requirements, the type, and a summary of the software.
full
Displays only the complete images on a configured repository. This command displays the name, the version, the requirements, the type, and a summary of the image.
page
Displays only the names of all software updates and images on a configured repository. All other information is omitted.
updates
Displays only the updates on a configured repository. This command displays the name, the version, the requirements, the type, and a summary of the update.
Usage Guidelines
The install list command displays software updates and images currently available on a repository. A repository is a remote or local server from which a system can receive software.
Example
Enter the following command to display a list of all available software updates and images on a configured repository:
install list all
Name Version Requires Type Summary
EX-2.0 2.0 URT-2.0 UPDATE User Registration...
EX-2.0.6 2.0.6 URT-2.0.6 UPDATE User Registration...
EX-2.0.6j 2.0.6j URT-2.0.6 UPDATE User Registration...
EX-2.0.7 2.0.7 URT-2.0.7 UPDATE User Registration...
EX-2.0.7 2.0.7 URT-2.0.7 UPDATE User Registration...
To install a software update or image, use the install update command.
install update package name
Syntax Description
package name
Name of the software update or image to be installed. To see the names of software updates and images available for installation, use the install list command. For more information, see the "install list" section.
Name of the interface port to be configured. Acceptable values are eth0-5.
up
Enables the interface (the default).
If you include the ipaddress parameter and want to enable the interface in the same command, either enter the up parameter after ipaddress and its required parameters, or do not specify the up or down parameters (up is the default).
down
Disables the interface.
If you include the ipaddress parameter and want to disable the interface in the same command, enter the down parameter after ipaddress and its required parameters.
ipaddress
The IP address of the interface.
netmask
The netmask of the interface IP address.
default-gateway
Changes the IP address of the default gateway that connects the VLAN Policy Server to the network.
address
The gateway IP address.
Default
When you enter the interface command, the interface that you specify is enabled by default. If you want to disable an enabled interface or leave a disabled interface disabled, you must specify the down option.
Usage Guidelines
Use the interface command to configure an Ethernet interface.
If you change the IP address or hostname, follow these steps to ensure that applications using the system can connect to it correctly:
Step 1 Stop and restart management services by entering:
# services stop
# services start
Step 2 Verify that management applications that use the system can still connect to it.
Step 3 Reconnect any applications that cannot connect to it using the system's new IP address or hostname.
Example
This command disables the Ethernet 1 interface:
interface eth1 down
This command sets the Ethernet 0 IP address, netmask, and gateway IP address:
interface eth0 209.165.200.224 255.255.255.224 default-gateway 209.165.201.31 up
ip domain-name
To define a default domain name, use the ip domain-name command. To remove the default domain name, use the no form of the command.
[no] ip domain-name name
Syntax Description
name
Domain name (for example, cisco.com).
Usage Guidelines
Use this command to define a default domain name.
A default domain name allows the system to resolve any unqualified host names. Any IP hostname that does not contain a domain name will have the configured domain name appended to it. If you are using a DNS server, this appended name is resolved by the DNS server, and then added to the host table.
Example
This command defines the default domain name cisco.com:
To specify the address of up to three name servers for name and address resolution, use the ip name-server command. To disable a name server, use the no form of the command.
[no] ip name-server ip-address
Syntax Description
ip-address
Name server IP address (maximum of 3).
Usage Guidelines
Use the ip name-server command to point the system to a specific DNS server. You may configure up to three servers.
If you attempt to configure a fourth name server, the following error message appears:
# Name-server table is full.
The system must have a functional DNS server configured to function correctly. If it does not, in most cases it will not correctly process requests from management applications that use it. If the system cannot obtain DNS services from the network, Telnet connections to the system will fail or Telnet interaction with the system will become extremely slow. For more information, refer to the "Cannot Connect to System with Telnet or Telnet Interaction Is Slow" section.
Example
This command assigns a name server for the system to use for DNS name to address resolution:
ip name-server 209.165.200.224
This command disables the name server; the system will not use it for name to address resolution:
To translate a DNS name to its IP address or an IP address to its DNS name, use the nslookup command.
nslookup {dns-name | ip-address}
Syntax Description
dns-name
DNS name of a host on the network.
ip-address
IP address of a host on the network.
Example
The following command translates the DNS name hostname to its IP address:
nslookup hostname
Server: dns.ex1.com
Address: 209.165.200.224
Name: ex1.com
Address: 209.165.201.0
ntp server
To configure the Network Time Protocol (NTP) and allow the system clock to be synchronized by a time server, use the ntp server command. To disable this function, use the no form of this command.
[no] ntp server ip-address
Syntax Description
ip-address
IP address of the NTP time server providing clock synchronization.
Usage Guidelines
Use the ntp server command to synchronize the system clock with the specified NTP server. If you configure multiple NTP servers, the system will synchronize with the first working NTP server it finds. There is no limit to the number of NTP servers that you can configure.
The ntp server command validates the NTP server that you specify. The possible results are:
If the server is a valid NTP server, a message similar to the following appears:
# 19 Jan 00:43:48 ntpdate[1437]: step time server 209.165.200.224 offset 999.257304
If no NTP server with the name or IP address you specified exists, a message similar to the following appears:
# 19 Jan 00:43:40 ntpdate[1431]: no server suitable for synchronization found
In this case, remove the NTP server by using the no form of the command, then configure a valid NTP server.
If the system time is set to a time later than the time on the NTP server, a message similar to the following appears:
# 19 Jan 00:43:58 ntpdate[1265]: Can't adjust the time of day: Invalid argument.
In this case, the ntp server command is entered into the system configuration, but NTP will not function. Follow these steps to remove the command and configure NTP correctly:
Step 1 Remove the ntp server command from the configuration by using the no form of the command. For example:
no ntp server ip-address
where ip-address is the IP address of the NTP server.
Step 2 Set the system clock to a time that is behind the time on the NTP server using the clock set command. For more information about the clock command, refer to the "clock" section.
Step 3 Enter the ntp server command again to configure the NTP server on the system. For example:
ntp server ip-address
Example
This command configures the system to use an NTP server:
ntp server 209.165.201.0
This command configures the system to stop using the NTP server:
To reinitialize the database, use the reinitdb command.
reinitdb
Syntax Description
This command has no arguments or keywords.
Usage Guidelines
The reinitdb command reinitializes the database. This command erases all information contained within the database.
Example
This command reinitializes the database:
reinitdb
repository
To configure the VLAN Policy Server to be a repository server, use the repository command.
repository source URL
Syntax Description
source
Sets the location from which the local repository downloads software updates and images.
URL
The IP address of an external server containing software updates and images.
Usage Guidelines
The repository command allows the VLAN Policy Server to be a repository both for itself and for external systems. A repository is a remote or local server from which a system can receive software updates and images.
The repository command only configures the VLAN Policy Server to be a repository. To configure the VLAN Policy Server to install software updates and images from this repository, see the "install configure" section.
Example
To configure the VLAN Policy Server to be a repository, and to download software updates and images from http://209.165.200.224, enter the following command:
To transfer software updates and images from a remote server to the VLAN Policy Server local repository, use the repository add command.
repository add package
Syntax Description
package
Name of the software update or image to be transferred.
Usage Guidelines
The repository add command transfers software updates and images from a remote server to the VLAN Policy Server local repository. You will be prompted to enter a username and password if they are needed to access the remote server.
Example
To transfer the update EX_2.0 from an update server to the local repository, enter the following command:
To delete software updates and images on the VLAN Policy Server local repository, use the repository delete command.
repository delete [package | all]
Syntax Description
package
Name of the software update or image to be deleted.
all
Deletes all software updates and images in the local repository.
Usage Guidelines
The repository delete command deletes software updates and images on the VLAN Policy Server local repository. A repository is a remote or local server from which a system can receive software updates and images.
Example
The following command deletes the update EX_2.0 from the local repository:
To list software updates and images on the configured local or remote repository, use the repository list command.
repository list {local | remote} [detail] [page]
Syntax Description
local
Lists software updates and packages on the local repository.
remote
Lists software updates and packages on a remote repository.
detail
Includes details of the software updates and images displayed.
page
Displays the software updates and packages one page at a time.
Example
To list the software updates and images available on the configured local repository, with details and one page at a time, enter the following command:
To start, stop, or view the status of the VLAN Policy Server local repository, use the repository server command.
repository server [stop | start | status]
Syntax Description
stop
Stops the local repository.
start
Starts the local repository.
status
Displays the status of the local repository.
Usage Guidelines
The repository server command starts, stops, or displays the status of the VLAN Policy Server local repository. A repository is a remote or local server from which a system can receive software updates and images.
Use the restore command to restore a backed up configuration of the VLAN Policy Server.
restore restore name
Syntax Description
restore name
Name of backup to be used to restore the VLAN Policy Server.
Usage Guidelines
To restore a configuration, use the restore command. If you use the restore command, all current domains, roles, users, and discovery configuration information will be erased.
Example
The following command will restore a backed up configuration:
To list, start, or stop the management services running on the system, use the services command.
services [status | start | stop]
Syntax Description
status
Displays the management services status.
start
Starts the management services.
stop
Stops the management services.
Usage Guidelines
Use this command to start, stop, or view the status of the management services running on the system.
Management services are the software installed on the system by network management applications. Use this command to stop and restart the management services if the system is not responding correctly to a management application. This should cause the services to reset and function properly again.
To display the VLAN Policy Server ANI log, use the show anilog command.
show anilog [page] | include matchString1 [matchString2]
Syntax Description
page
Displays command output one screen at a time. Press Enter to display the next output screen. Press Ctrl-C to exit paged output and return to the command prompt.
include
Filters the command output to display only the records that contain the specified string of characters.
matchstring1
String of characters to search for in the command output.
matchstring2
(Optional.) Another string of characters to search for in the command output.
Example
The following command displays the VLAN Policy Server ANI log, one page at a time:
show anilog page
/var/adm/CSCOets/log/ani.log
SNMPThrPool: Instantiated ex.lib.snmp.lib.timer.DynamicThreadPool, mi
n=15, max=48, maxIdleSecs=240
2001/12/20 13:43:12 main ani MESSAGE DBConnection: Created new Database connecti
on [hashCode = 45981573]
2001/12/20 13:43:38 main ani MESSAGE ServletServiceModule: Moxie Servlet Engine
is ready to receive requests
2001/12/20 15:43:39 HSEStatusPoll ani MESSAGE DBConnection: Created new Database
connection [hashCode = 85057415]
2001/12/20 17:43:39 HSEStatusPoll ani MESSAGE DBConnection: Created new Database
connection [hashCode = 396959623]
2001/12/20 19:43:39 HSEStatusPoll ani MESSAGE DBConnection: Created new Database
--More--
show auth-cli
To display the type of authentication used for secure CLI access, use the show auth-cli command.
show auth-cli
Syntax Description
This command has no arguments or keywords.
Example
This command and response show that the VLAN Policy Server local authentication is being used for the CLI:
show auth-cli
local
show auth-http
To display the type of authentication used for secure HTTP access, use the show auth-http command.
show auth-http
Syntax Description
This command has no arguments or keywords.
Example
This command and response show that the VLAN Policy Server local authentication is being used for HTTP access:
show auth-http
local
show backupconfig
The show backupconfig command displays the current backup and restore configuration.
show backupconfig
Syntax Description
This command has no arguments or keywords.
Usage Guidelines
To display the current backup and restore configuration, use the show backupconfig command. If the backup configuration has not been set, the host and username fields display NONE.
Example
The following command displays the current backup and restore configuration:
To display the messages logged during the last system boot, use the show bootlog command.
show bootlog [page]
Syntax Description
page
Displays command output one screen at a time. Press Enter to display the next output screen. Press Ctrl-C to exit paged output and return to the command prompt.
Example
This command displays the messages logged during the last system boot:
show bootlog page
Linux/UID32 version 2.2.16-13bipsec.uid32 (gcc version egcs1
To display the VLAN Policy Server nearest neighbor on the network, use the show cdp neighbor command.
show cdp neighbor
Syntax Description
This command has no arguments or keywords.
Example
This command shows the nearest neighbor on the network.
show cdp neighbor
cdp neighbor device: Switch
device type: cisco WS-C2924-XL
port: FastEthernet0/12
address: 209.165.201.0
show cdp run
To display the Cisco Discovery Protocol (CDP) configuration, use the show cdp run command.
show cdp run
Syntax Description
This command has no arguments or keywords.
Example
This command displays the CDP configuration:
show cdp run
CDP protocol is enabled ...
broadcasting interval is every 60 seconds.
time-to-live of cdp packets is 180 seconds.
CDP is enabled on port eth0.
show collectorlog
To display the VLAN Policy Server collector log, use the show collectorlog command.
show collectorlog [page] | include matchstring1 [matchstring2]
Syntax Description
page
Displays command output one screen at a time. Press Enter to display the next output screen. Press Ctrl-C to exit paged output and return to the command prompt.
include
Filters the command output to display only the records that contain the specified string of characters.
matchstring1
String of characters to search for in the command output.
matchstring2
(Optional.) Another string of characters to search for in the command output.
Example
The following command displays the VLAN Policy Server collector log, one page at a time:
show collectorlog page
/var/adm/CSCOets/log/collector.log
2001/12/20 13:43:18 main HSECollector MESSAGE CollectorMain: Waiting for databas
e to be ready
2001/12/20 13:43:21 main HSECollector MESSAGE CollectorMain: Database is ready
SNMPThrPool: Instantiated ex.lib.snmp.lib.timer.DynamicThreadPool, mi
n=15, max=48, maxIdleSecs=0
2001/12/20 13:43:29 main HSECollector MESSAGE ServletServiceModule: Moxie Servle
To display the VLAN Policy Server daemons log, use the show daemonslog command.
show daemonslog [page] | include matchstring1 [matchstring2]
Syntax Description
page
Displays command output one screen at a time. Press Enter to display the next output screen. Press Ctrl-C to exit paged output and return to the command prompt.
include
Filters the command output to display only the records that contain the specified string of characters.
matchstring1
String of characters to search for in the command output.
matchstring2
(Optional.) Another string of characters to search for in the command output.
Example
The following command displays the VLAN Policy Server daemons log, one page at a time:
show daemonslog page
/var/adm/CSCOets/log/daemons.log
[dmgrDbg] getenv(PX_DBG)=NULL
[dmgrDbg] getenv(PX_MY_DEBUG)=NULL
[dmgrDbg] getenv(PX_MY_TRACE)=NULL
[dmgrDbg] getenv(PX_DBG_LEVEL)=NULL
[dmgrDbg][Thu Dec 20 13:42:53 2001]##### INFO ##### re-evaluate DbgLevel=0x0
++>>it(1) = 8077978 <HSECollector>
++>>it(1) = 8077898 <HSEANIServer>
++>>it(1) = 8077428 <PostgreSQL>
++>>it(1) = 8077228 <WebServer>
++>>it(1) = 8077328 <Tomcat>
++>>it(1) = 80770d8 <ExcepReporter>
++>>it(1) = 8076fc8 <CDPbrdcast>
++>>it(1) = 8076e58 <PerfMon>
#!/bin/sh -v
#!/bin/sh -v
if [ "$NMSROOT" = "" ]; then
NMSROOT=/opt/CSCOets
export NMSROOT
fi
cd $NMSROOT
--More--
show dmgtdlog
To display the VLAN Policy Server daemon manager log, use the show dmgtdlog command.
show dmgtdlog [page] | include matchstring1 [matchstring2]
Syntax Description
page
Displays command output one screen at a time. Press Enter to display the next output screen. Press Ctrl-C to exit paged output and return to the command prompt.
include
Filters the command output to display only the records that contain the specified string of characters.
matchstring1
String of characters to search for in the command output.
matchstring2
(Optional.) Another string of characters to search for in the command output.
Example
The following command displays the VLAN Policy Server collector log, one page at a time:
show dmgtdlog page
/var/adm/CSCOets/log/dmgtd.log
Dec 20 13:42:56 ex dmgt[712]: #3001:TYPE=INFO:Using port: tcp/42340.
Dec 20 13:42:56 ex dmgt[714]: #3007:TYPE=INFO:Started application(HSEC
Dec 20 13:42:56 ex dmgt[714]: #3007:TYPE=INFO:Started application(HSEA
--More--
show hosts
To display your VLAN Policy Server host file, use the show hosts command.
show hosts [page]
Syntax Description
page
Displays command output one screen at a time.
Example
The following command displays your VLAN Policy Server host file, one page at a time:
show hosts page
show hseaccesslog
To display the VLAN Policy Server web access log, use the show hseaccesslog command.
show hseaccesslog [page] | include matchstring1 [matchstring2]
Syntax Description
page
Displays command output one screen at a time. Press Enter to display the next output screen. Press Ctrl-C to exit paged output and return to the command prompt.
include
Filters the command output to display only the records that contain the specified string of characters.
matchstring1
String of characters to search for in the command output.
matchstring2
(Optional.) Another string of characters to search for in the command output.
Example
The following command displays the VLAN Policy Server collector log, one page at a time:
To display the VLAN Policy Server Web error log, use the show hseerrorlog command.
show hseerrorlog [page] | include matchstring1 [matchstring2]
Syntax Description
page
Displays command output one screen at a time. Press Enter to display the next output screen. Press Ctrl-C to exit paged output and return to the command prompt.
include
Filters the command output to display only the records that contain the specified string of characters.
matchstring1
String of characters to search for in the command output.
matchstring2
(Optional.) Another string of characters to search for in the command output.
Example
The following command displays the VLAN Policy Server collector log, one page at a time:
'line', perhaps mis-spelled or defined by a module not included in the server c
onfiguration
[Thu Dec 20 13:43:00 2001] [error] (22)Invalid argument: <Perl>:
show hsesslaccesslog
To display the VLAN Policy Server Web SSL log, use the show hsesslaccesslog command.
show hsesslaccesslog [page] | include matchstring1 [matchstring2]
Syntax Description
page
Displays command output one screen at a time. Press Enter to display the next output screen. Press Ctrl-C to exit paged output and return to the command prompt.
include
Filters the command output to display only the records that contain the specified string of characters.
matchstring1
String of characters to search for in the command output.
matchstring2
(Optional.) Another string of characters to search for in the command output.
Example
The following command displays the VLAN Policy Server collector log, one page at a time:
show hsesslaccesslog page
show import
To display an imported host file, use the show import command.
show import hosts
Syntax Description
hosts
Name of server that host files were imported from.
Example
This command displays the imported host file:
show import ftpserver_1
show install logs
To display the software updates and images available on the configured repository, use the show install logs command.
show install logs [short | long] [page]
Syntax Description
short
Displays only the names of software updates and images on the configured repository.
long
Displays the names and descriptions of software updates and images on the configured repository.
page
Displays command output one screen at a time.
Example
The following command displays the software updates and images available on the configured browser, one screen at a time:
show install updates page
2
NAME=EX-2.0a
show ipchains
To display the IP chains for the selected interface, use the show ipchains command.
show ipchains eth<0-5>
Syntax Description
eth<0-5>
Name of the interface port to be configured. Acceptable values are eth0-5.
Example
The following command displays the IP chains for the ethernet 0 interface:
show ipchains eth0
Chain ineth0 (1 references):
target prot opt source destination ports
ACCEPT tcp -y--l- anywhere ex.help any -> telt
ACCEPT tcp ------ anywhere ex.help any -> telt
ACCEPT tcp ------ anywhere ex.help any -> 3345
ACCEPT tcp -y--l- anywhere ex.help any -> ssh
show maillog
To display the VLAN Policy Server mail log, use the show maillog command.
show maillog [page] | include matchstring1 [matchstring2]
Syntax Description
page
Displays command output one screen at a time. Press Enter to display the next output screen. Press Ctrl-C to exit paged output and return to the command prompt.
include
Filters the command output to display only the records that contain the specified string of characters.
matchstring1
String of characters to search for in the command output.
matchstring2
(Optional.) Another string of characters to search for in the command output.
Example
The following command displays the VLAN Policy Server collector log, one page at a time:
show maillog page
/var/log/maillog
Dec 21 04:02:06 ex sendmail[11643]: EAA11643: from=root, size=307, cla
209.165.200.225 0.0.0.0 255.255.255.224 U 0 0 0 eth0
209.165.200.254 0.0.0.0 255.255.255.224 U 0 0 0 lo
209.165.202.128 0.0.0.0 255.255.255.224 UG 0 0 0 eth0
show securitylog
To display the VLAN Policy Server secure log information, use the show securitylog command.
show securitylog [page] | include matchstring1 [matchstring2]
Syntax Description
page
Displays command output one screen at a time. Press Enter to display the next output screen. Press Ctrl-C to exit paged output and return to the command prompt.
include
Filters the command output to display only the records that contain the specified string of characters.
matchstring1
String of characters to search for in the command output.
matchstring2
(Optional.) Another string of characters to search for in the command output.
Example
The following command displays the VLAN Policy Server security log, one page at a time:
show securitylog page
/var/log/secure
Dec 20 13:45:23 ex in.tftpd[1381]: connect from 209.165.200.224
Dec 20 13:45:27 ex in.tftpd[1383]: connect from 209.165.200.224
Dec 20 13:45:31 ex in.tftpd[1385]: connect from 209.165.200.224
Dec 20 13:45:35 ex in.tftpd[1387]: connect from 209.165.200.224
Dec 20 13:45:39 ex in.tftpd[1389]: connect from 209.165.200.224
Dec 20 13:45:44 ex in.tftpd[1391]: connect from 209.165.200.224
Dec 20 13:45:48 ex in.tftpd[1393]: connect from 209.165.200.224
Dec 20 13:45:52 ex in.tftpd[1395]: connect from 209.165.200.224
Dec 20 13:45:56 ex in.tftpd[1397]: connect from 209.165.200.224
Dec 20 13:46:00 ex in.tftpd[1399]: connect from 209.165.200.224
Dec 20 13:46:04 ex in.tftpd[1412]: connect from 209.165.200.224
Dec 20 13:46:27 ex in.tftpd[1424]: connect from 209.165.200.224
Dec 20 13:46:31 ex in.tftpd[1426]: connect from 209.165.200.224
Dec 20 13:46:35 ex in.tftpd[1428]: connect from 209.165.200.224
Dec 20 13:46:39 ex in.tftpd[1430]: connect from 209.165.200.224
Dec 20 13:46:43 ex in.tftpd[1432]: connect from 209.165.200.224
Dec 20 13:46:47 ex in.tftpd[1434]: connect from 209.165.200.224
--More--
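The following added example (not part of the Cisco documentation) shows one way to review security log output offline: it parses the connect from records in the format shown above and reports each daemon and source address pair that exceeds a connection threshold within a time window. The threshold, the window, the year (syslog timestamps carry none) and the in.telnetd records are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: six records copied from the example above, plus two
# constructed in.telnetd records and one truncated record.
SAMPLE = """\
Dec 20 13:45:23 ex in.tftpd[1381]: connect from 209.165.200.224
Dec 20 13:45:27 ex in.tftpd[1383]: connect from 209.165.200.224
Dec 20 13:45:31 ex in.tftpd[1385]: connect from 209.165.200.224
Dec 20 13:45:35 ex in.tftpd[1387]: connect from 209.165.200.224
Dec 20 13:45:39 ex in.tftpd[1389]: connect from 209.165.200.224
Dec 20 13:45:44 ex in.tftpd[1391]: connect from 209.165.200.224
Dec 20 13:47:10 ex in.telnetd[1440]: connect from 192.0.2.10
Dec 20 13:52:02 ex in.telnetd[1502]: connect from 192.0.2.10
Dec 20 13:52:40 ex in.tftpd[1510]: connect fr
"""

RECORD = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<daemon>[\w.\-]+)\[(?P<pid>\d+)\]: connect from (?P<src>\S+)$"
)

def parse(lines, year):
    """Yield (timestamp, daemon, source); truncated or unrelated lines are skipped."""
    for line in lines:
        m = RECORD.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["daemon"], m["src"]

def bursts(lines, threshold=5, window=timedelta(seconds=60), year=2001):
    """Return {(daemon, source): peak} where peak connects per window >= threshold."""
    events = defaultdict(list)
    for ts, daemon, src in parse(lines, year):
        events[(daemon, src)].append(ts)
    flagged = {}
    for key, stamps in events.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[key] = peak
    return flagged
```

Calling bursts(SAMPLE.splitlines()) reports only the in.tftpd source, because the two in.telnetd connections are several minutes apart.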
show snmp-server
To display the VLAN Policy Server SNMP configuration, use the show snmp-server command.
show snmp-server
Syntax Description
This command has no arguments or keywords.
Example
The following command displays the VLAN Policy Server SNMP configuration:
show snmp-server
RW community string: private
RO community string: public
sysLocation: your site information
sysContact: your contact information
trap-forwarding is disabled
show ssh-version
To display the type of SSH enabled, use the show ssh-version command.
show ssh-version
Syntax Description
This command has no arguments or keywords.
Example
This command displays the type of SSH that is enabled:
show ssh-version
SSH1, SSH2
show syslog
To display syslog information, use the show syslog command.
show syslog [page] | include matchstring1 [matchstring2]
Syntax Description
page
Displays command output one screen at a time. Press Enter to display the next output screen. Press Ctrl-C to exit paged output and return to the command prompt.
include
Filters the command output to display only the records that contain the specified string of characters.
matchstring1
String of characters to search for in the command output.
matchstring2
(Optional.) Another string of characters to search for in the command output.
Usage Guidelines
Use this command to display syslog information.
To filter the command output to include only the records that contain the specified string(s) of characters, use the include option with one or two character strings to search for. If you include two strings, the command outputs only those records that contain both character strings.
Example
This command displays syslog information:
show syslog
Jun 20 16:04:23 ex syslogd 1.3-3: restart.
Jun 20 16:04:23 ex syslog: syslogd startup succeeded
Jun 20 16:04:23 ex kernel: klogd 1.3-3, log source = /proc/kmsg start.
Jun 20 16:04:23 ex kernel: Inspecting /boot/System.map-2.2.16-13bipse2
Jun 20 16:04:23 ex syslog: klogd startup succeeded
To display information necessary for the Cisco Technical Assistance Center (TAC) to assist you, use the show tech command.
show tech [page]
Syntax Description
page
Displays command output one screen at a time. Press Enter to display the next output screen. Press Ctrl-C to exit paged output and return to the command prompt.
Example
This command displays system information necessary for TAC to assist you.
show tech page
/bin/cat: /var/log/secure: Permission denied
Copyright (c) 1999-2000 by Cisco Systems, Inc.
Build Version (166) Mon Jun 11 16:56:23 PDT 2001
Linux/UID32 version 2.2.16-13bipsec.uid32 (gcc version egcs1
To display the VLAN Policy Server Telnet status, use the show telnetenable command.
show telnetenable
Syntax Description
This command has no arguments or keywords.
Example
The following command shows whether Telnet is enabled or disabled:
show telnetenable
telnet enable for: ALL
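The following added example (not part of the Cisco documentation) shows one way to audit a saved CLI session for weak remote-access settings. It reads the output formats shown in this appendix for show snmp-server, show ssh-version and show telnetenable, and reports well-known SNMP community strings, SSH version 1, and enabled Telnet. The capture layout (each command line followed by its output) and the function names are assumptions made for the example.

```python
import re

# Constructed capture: the three example outputs from this appendix, each
# preceded by the command that produced it.
CAPTURE = """\
show snmp-server
RW community string: private
RO community string: public
sysLocation: your site information
sysContact: your contact information
trap-forwarding is disabled
show ssh-version
SSH1, SSH2
show telnetenable
telnet enable for: ALL
"""

def split_sections(capture):
    """Map each 'show ...' command line to the output lines that follow it."""
    sections, current = {}, None
    for line in capture.splitlines():
        line = line.strip()
        if line.startswith("show "):
            current = sections.setdefault(line, [])
        elif current is not None and line:
            current.append(line)
    return sections

def audit(capture):
    """Return (command, finding) pairs for each weak setting in the capture."""
    out, s = [], split_sections(capture)
    for line in s.get("show snmp-server", []):
        m = re.match(r"(RW|RO) community string:\s*(\S+)", line)
        # "public" and "private" are widely known community strings.
        if m and m.group(2).lower() in ("public", "private"):
            out.append(("show snmp-server", f"{m.group(1)} community is '{m.group(2)}'"))
    for line in s.get("show ssh-version", []):
        if "SSH1" in [v.strip().upper() for v in line.split(",")]:
            out.append(("show ssh-version", "SSH protocol version 1 is enabled"))
    for line in s.get("show telnetenable", []):
        # Only the "enable for:" form appears on this page; other output is ignored.
        m = re.match(r"telnet enable for:\s*(.+)", line)
        if m:
            out.append(("show telnetenable", f"Telnet (cleartext) enabled for: {m.group(1)}"))
    return out
```

Run against the example outputs on this page, audit(CAPTURE) returns four findings: both community strings, SSH1, and Telnet enabled for ALL.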
show tomcatlog
To display the VLAN Policy Server Tomcat log, use the show tomcatlog command.
show tomcatlog [page] | include matchstring1 [matchstring2]
Syntax Description
page
Displays command output one screen at a time. Press Enter to display the next output screen. Press Ctrl-C to exit paged output and return to the command prompt.
include
Filters the command output to display only the records that contain the specified string of characters.
matchstring1
String of characters to search for in the command output.
matchstring2
(Optional.) Another string of characters to search for in the command output.
Example
The following command displays the VLAN Policy Server tomcat log, one page at a time:
getUIProperties(): unhandled error could be a bad ui.properties
java.lang.NullPointerException
at java.io.Reader.<init>(Reader.java:68)
at java.io.InputStreamReader.<init>(InputStreamReader.java:96)
--More--
shutdown
To shut down the system in preparation for powering it off, use the shutdown command.
shutdown
Syntax Description
This command has no arguments or keywords.
Usage Guidelines
Use this command to shut down the VLAN Policy Server in preparation for powering it off. All processes running on the VLAN Policy Server will stop, and it will not respond until you power it off and back on.
You are prompted to verify the shutdown. Enter yes to continue, or no to cancel the shutdown.
Caution: Never power off the system without running the shutdown command first. Doing so can destroy data and prevent the system from booting.
IP addresses of systems allowed Telnet access. If this argument is used, no other machines will be allowed access. Multiple IP addresses are allowed.
domains
Domains of systems allowed Telnet access. If this argument is used, machines with domains other than the specified domains will be denied Telnet access. Multiple domains are allowed.
disable
Disables Telnet access to the system.
status
Displays current access status.
Default
The default is disable.
Usage Guidelines
To enable Telnet access to the system for all IP source addresses, use the telnetenable enable command alone. To enable specific IP addresses, use the telnetenable enable command followed by the IP addresses.
Example
This command enables Telnet for all IP source addresses:
telnetenable enable
username
To create a new user account or change an account's properties, use the username command. Use the no form of the command to remove a user account.
username name password password [privilege {0 | 15}]
no username name
Syntax Description
name
Name of the user account to create or remove.
password
Specifies a password for the account.
password
The password for the account.
privilege
(Optional.) Specifies the account privilege level.
0
Gives the account level 0 privileges. This is the default.
15
Gives the account level 15 privileges.
Usage Guidelines
Use the username command to change the properties of a user account. To assign a user CLI privilege level 15, use the username command. You cannot assign CLI privilege level 15 through the web interface. Use the no form of the command to remove a user account. The default privilege level is 0 if you do not provide the privilege option.
This command creates a user account named user1 with password password1 and privilege level 15:
username user1 password password1 privilege 15
This command removes the user account:
no username user1
Maintenance Image Commands
This section describes the commands that are available when the system is booted from the maintenance image. For more information about the maintenance image, refer to the "Using the Maintenance Image" section.
erase config
This command is identical to the level 15 erase config command. For a description, see the "erase config" section.
fsck
To check and repair the filesystem, use the fsck command.
fsck
Syntax Description
This command has no arguments or keywords.
Usage Guidelines
Use the fsck command to check and repair the filesystem. The command might prompt you for confirmation before making certain repairs.
Example
The following command checks and repairs the filesystem:
fsck
reload
This command is identical to the level 15 reload command. For a description, see the "reload" section.